The unfortunate reality reinforced today: patches were issued in March 2017 that could have provided the necessary protections against these attacks, but the attackers realized that most enterprises would not yet be patched. It’s remarkably timely that the White House Executive Order stated the exact issue so very clearly, yet medical care, international shipping companies, and national governments were so negatively impacted.

The White House was right. Known attacks, left unpatched, are your Achilles heel.

According to the Executive Order, “Known but unmitigated vulnerabilities are among the highest cybersecurity risks faced by executive departments and agencies (agencies). Known vulnerabilities include using operating systems or hardware beyond the vendor’s support lifecycle, declining to implement a vendor’s security patch, or failing to execute security-specific configuration guidance.”

The cat and mouse game will continue only so long as you need an OS or applications.

Why did this happen?

Every day, an OS or application vendor releases a security patch to fix an identified vulnerability in one of their systems. Without the patch, an attacker can access an enterprise system and create havoc, exfiltrate IP, or worse, affect the immediacy of health care. It is quite apparent that the enterprise depends on receiving and implementing security patches to keep its estate free from unwelcome visitors. Security lockdowns rely on being updated across the estate to ensure viability and survivability in an attack. Unpatched systems will forever exist, therefore attackers will always have a way in.

The enterprise has vulnerabilities that have yet to be identified or, worse yet, have been identified but IT operations can’t patch fast and broadly enough due to legacy IT practices. Enterprise architecture, whichever “gen” it is, legacy or Next Gen, requires patches to thwart known attacks, covering everything from weaponized ransomware to the kernel to the application layer. Generally, patches come only after someone has been compromised. In today’s case, patches were released months ago and the attacks were still successful.

Welcome to virtualization. In the past decade, virtualization revolutionized IT. Applying a proven virtualization and abstraction platform to your endpoint to isolate ransomware, or any other known or unknown attack, is called Application Isolation.

By applying Application Isolation, the enterprise gains control of their endpoint estate. The enterprise can control who gets to move content from their enterprise systems, encrypt content so that only particular machines can access it (so if the baddies are insiders, they can’t do anything with it once outside), or better yet, completely abstract that which is yours from those that want to get to it.

What this means to enterprises today.

Today, the future has arrived and it’s called Virtualization-based Security (VBS). The enterprise can not only rest better knowing the news won’t affect it, but also take back the control and ownership it has been paying for. By applying virtualization-based security, enterprise IT and Cyber Security teams can patch at their own pace, and survive even weaponized NSA-Grade malware attacks. Bromium’s Application Isolation stops ransomware at the endpoint.

Please note: This demonstration shows one example—malicious documents—of how ransomware like WannaCry can enter your network. Bromium stops ransomware in its tracks. We use virtualization to contain threats – from applications, downloads, files, and while browsing – and you can then choose to let it run or shut it down.

A number of you bought into Bromium VBS starting years ago, and continue today (and we thank you!), knowing it’s mathematically impossible to predict the future (even if you are given months’ notice), and your systems are now naturally protected. Enterprises can’t keep up with the untenable workloads associated with infrastructure updating. The attackers know they can target you with a piece of content, execute it on your host and own your system. But not if it’s protected by Bromium.

In a time when Public Sector systems are so critical to the sustainability of democracies worldwide, providing health care to the public and defending national security interests, Bromium Application Isolation is available to all government entities. We’ll help you, no questions asked. We started Bromium as an experiment to solve the greatest cyber challenges.